diff --git a/src/freedombone b/src/freedombone
index 8542e108cb7d5c413c12f0ff71745f9dfe925255..a668cd3cead2e9cbb1029c167becd01d13231756 100755
--- a/src/freedombone
+++ b/src/freedombone
@@ -3819,7 +3819,7 @@ function backup_to_friends_servers {
 echo ' if [ $REMOTE_DOMAIN ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
 echo " cd /home/$MY_USERNAME/.gnupg_fragments" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
 echo ' no_of_shares=$(ls -afq keyshare* | wc -l)' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
- echo ' no_of_shares=$((no_of_fragments - 2))' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
+ echo ' no_of_shares=$((no_of_shares - 2))' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
 echo ' if [[ ${no_of_shares} > 0 ]]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
 echo ' # Pick a share index based on the domain name' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
 echo ' # This ensures that the same share is always given to the same domain' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
diff --git a/src/freedombone-config b/src/freedombone-config
index 06be374236b6e0dd73748cd6e55591716c18574b..13efa82e54d25ebaa8470fca2baca9503c55f1a4 100755
--- a/src/freedombone-config
+++ b/src/freedombone-config
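Review bot: The corrected line still subtracts 2 from the count produced by `ls -afq keyshare* | wc -l` two lines above it, but `ls -a` only adds `.` and `..` when it is listing a directory; with the `keyshare*` glob expanded to file operands it prints one line per fragment, so the generated script undercounts the shares by two (and gets -2 when nothing matches, since the unexpanded glob is passed literally and ls fails) unless `keyshare*` happens to name a directory. Count the fragment files directly and drop the subtraction: `echo ' no_of_shares=$(find . -maxdepth 1 -name "keyshare*" -type f | wc -l)' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME`. The following `[[ ${no_of_shares} > 0 ]]` is a string comparison inside `[[ ]]`; it works against "0" by accident, and `(( no_of_shares > 0 ))` says what is meant. backup_to_friends_servers continues outside the hunk.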
@@ -271,65 +271,136 @@ function interactive_gpg_from_remote { return 0 } +function reconstruct_key { + if [ ! -d /home/$MY_USERNAME/.gnupg_fragments ]; then + return + fi + cd /home/$MY_USERNAME/.gnupg_fragments + no_of_shares=$(ls -afq keyshare* | wc -l) + no_of_shares=$((no_of_shares - 2)) + if [[ ${no_of_shares} < 4 ]]; then + dialog --title "Encryption keys" --msgbox 'Not enough fragments to reconstruct the key' 6 70 + exit 7348 + fi + gfcombine /home/$MY_USERNAME/.gnupg_fragments/keyshare* + if [ ! "$?" = "0" ]; then + dialog --title "Encryption keys" --msgbox 'Unable to reconstruct the key' 6 70 + exit 7348 + fi + + KEYS_FILE=/home/$MY_USERNAME/.gnupg_fragments/keyshare.asc + if [ ! -f $KEYS_FILE ]; then + dialog --title "Encryption keys" --msgbox 'Unable to reconstruct the key' 6 70 + fi + + su -c "gpg --allow-secret-key-import --import $KEYS_FILE" - $MY_USERNAME + if [ ! "$?" = "0" ]; then + echo 'Unable to import gpg key' + shred -zu $KEYS_FILE + rm -rf /home/$MY_USERNAME/.tempgnupg + exit 9654 + fi + + dialog --title "Encryption keys" --msgbox 'Key has been reconstructed' 6 70 +} + function interactive_gpg_from_usb { - dialog --title "Encryption keys" --msgbox 'Plug in a USB drive containing a copy of your .gnupg directory' 6 70 + dialog --title "Encryption keys" --msgbox 'Plug in a USB drive containing a copy of your full key or key fragment' 6 70 - if [[ $INSTALLING_ON_BBB == "yes" ]]; then - GPG_USB_DRIVE='/dev/sda1' - if [ ! -b $GPG_USB_DRIVE ]; then - dialog --title "Encryption keys" --msgbox 'No USB drive found' 6 30 - exit 739836 - fi - else - GPG_USB_DRIVE='/dev/sdb1' - if [ ! -b $GPG_USB_DRIVE ]; then - GPG_USB_DRIVE='/dev/sdc1' + GPG_LOADING="yes" + GPG_CTR=0 + while [[ $GPG_LOADING == "yes" ]] + do + if [[ $INSTALLING_ON_BBB == "yes" ]]; then + GPG_USB_DRIVE='/dev/sda1' if [ ! 
-b $GPG_USB_DRIVE ]; then - GPG_USB_DRIVE='/dev/sdd1' + if [[ ${GPG_CTR} > 0 ]]; then + reconstruct_key + return 0 + fi + dialog --title "Encryption keys" --msgbox 'No USB drive found' 6 30 + exit 739836 + fi + else + GPG_USB_DRIVE='/dev/sdb1' + if [ ! -b $GPG_USB_DRIVE ]; then + GPG_USB_DRIVE='/dev/sdc1' if [ ! -b $GPG_USB_DRIVE ]; then - dialog --title "Encryption keys" --msgbox 'No USB drive found' 6 30 - exit 27852 + GPG_USB_DRIVE='/dev/sdd1' + if [ ! -b $GPG_USB_DRIVE ]; then + if [[ ${GPG_CTR} > 0 ]]; then + reconstruct_key + return 0 + fi + dialog --title "Encryption keys" --msgbox 'No USB drive found' 6 30 + exit 27852 + fi fi fi fi - fi - GPG_USB_MOUNT='/mnt/usb' - umount -f $GPG_USB_MOUNT - if [ ! -d $GPG_USB_MOUNT ]; then - mkdir -p $GPG_USB_MOUNT - fi + GPG_USB_MOUNT='/mnt/usb' + umount -f $GPG_USB_MOUNT + if [ ! -d $GPG_USB_MOUNT ]; then + mkdir -p $GPG_USB_MOUNT + fi - if [ -f /dev/mapper/encrypted_usb ]; then - rm -rf /dev/mapper/encrypted_usb - fi - cryptsetup luksClose encrypted_usb - cryptsetup luksOpen $GPG_USB_DRIVE encrypted_usb - if [ "$?" = "0" ]; then - GPG_USB_DRIVE=/dev/mapper/encrypted_usb - fi - mount $GPG_USB_DRIVE $GPG_USB_MOUNT - if [ ! "$?" = "0" ]; then - dialog --title "Encryption keys" --msgbox "There was a problem mounting the USB drive to $GPG_USB_MOUNT" 6 70 - rm -rf $GPG_USB_MOUNT - exit 74393 - fi + if [ -f /dev/mapper/encrypted_usb ]; then + rm -rf /dev/mapper/encrypted_usb + fi + cryptsetup luksClose encrypted_usb + cryptsetup luksOpen $GPG_USB_DRIVE encrypted_usb + if [ "$?" = "0" ]; then + GPG_USB_DRIVE=/dev/mapper/encrypted_usb + fi + mount $GPG_USB_DRIVE $GPG_USB_MOUNT + if [ ! "$?" = "0" ]; then + if [[ ${GPG_CTR} > 0 ]]; then + rm -rf $GPG_USB_MOUNT + reconstruct_key + return 0 + fi + dialog --title "Encryption keys" \ + --msgbox "There was a problem mounting the USB drive to $GPG_USB_MOUNT" 6 70 + rm -rf $GPG_USB_MOUNT + exit 74393 + fi - if [ ! 
-d $GPG_USB_MOUNT/.gnupg ]; then - dialog --title "Encryption keys" --msgbox "The directory $GPG_USB_MOUNT/.gnupg was not found" 6 70 - umount $GPG_USB_MOUNT - rm -rf $GPG_USB_MOUNT - exit 723814 - fi + if [ ! -d $GPG_USB_MOUNT/.gnupg ]; then + if [ ! -d $GPG_USB_MOUNT/.gnupg_fragments ]; then + if [[ ${GPG_CTR} > 0 ]]; then + umount $GPG_USB_MOUNT + rm -rf $GPG_USB_MOUNT + reconstruct_key + return 0 + fi + dialog --title "Encryption keys" \ + --msgbox "The directory $GPG_USB_MOUNT/.gnupg or $GPG_USB_MOUNT/.gnupg_fragments was not found" 6 70 + umount $GPG_USB_MOUNT + rm -rf $GPG_USB_MOUNT + exit 723814 + fi + fi - cp -r $GPG_USB_MOUNT/.gnupg /home/$(grep 'MY_USERNAME' temp.cfg | awk -F '=' '{print $2}') + if [ -d $GPG_USB_MOUNT/.gnupg ]; then + cp -r $GPG_USB_MOUNT/.gnupg /home/$(grep 'MY_USERNAME' temp.cfg | awk -F '=' '{print $2}') + GPG_LOADING="no" + else + cp -r $GPG_USB_MOUNT/.gnupg_fragments /home/$(grep 'MY_USERNAME' temp.cfg | awk -F '=' '{print $2}') + fi - if [ -d $GPG_USB_MOUNT/.ssh ]; then - cp $GPG_USB_MOUNT/.ssh/* /home/$(grep 'MY_USERNAME' temp.cfg | awk -F '=' '{print $2}')/.ssh - fi + if [ -d $GPG_USB_MOUNT/.ssh ]; then + cp $GPG_USB_MOUNT/.ssh/* /home/$(grep 'MY_USERNAME' temp.cfg | awk -F '=' '{print $2}')/.ssh + fi - umount $GPG_USB_MOUNT - rm -rf $GPG_USB_MOUNT + umount $GPG_USB_MOUNT + rm -rf $GPG_USB_MOUNT + if [[ $GPG_LOADING == "yes" ]]; then + dialog --title "Encryption keys" \ + --msgbox "Now remove the USB drive. Insert the next drive containing a key fragment, or select Ok to finish" 6 70 + fi + GPG_CTR=$((GPG_CTR + 1)) + done } function interactive_gpg { @@ -342,7 +413,7 @@ function interactive_gpg { dialog --backtitle "Freedombone Configuration" \ --radiolist "GPG/PGP keys for your system:" 13 70 3 \ 1 "Generate new keys (new user)" on \ - 2 "Import keys from a USB drive" off \ + 2 "Import keys from USB drive/s" off \ 3 "Retrieve keys from friends servers" off 2> $data sel=$? case $sel in 
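Review bot: In the new multi-drive loop, the `cp -r $GPG_USB_MOUNT/.gnupg_fragments /home/...` branch near the end copies the second and later drives into a `.gnupg_fragments` that already exists, so cp nests the source directory inside it and the `gfcombine /home/$MY_USERNAME/.gnupg_fragments/keyshare*` in reconstruct_key never sees those fragments; create the target once and copy the files instead: `mkdir -p /home/$(grep 'MY_USERNAME' temp.cfg | awk -F '=' '{print $2}')/.gnupg_fragments` then `cp $GPG_USB_MOUNT/.gnupg_fragments/keyshare* /home/$(grep 'MY_USERNAME' temp.cfg | awk -F '=' '{print $2}')/.gnupg_fragments/`. reconstruct_key also leaves the reassembled secret key in clear text at keyshare.asc after a successful import, whereas freedombone-recoverkey shreds it after importing (`shred -zu $KEYS_FILE`); the same line belongs before the "Key has been reconstructed" dialog. Its `if [ ! -f $KEYS_FILE ]` check shows a dialog but then falls through to the gpg import, so it needs an `exit` like the branches above it, and `[[ ${no_of_shares} < 4 ]]` is a string comparison that would reject a count of 10 or more; `(( no_of_shares < 4 ))` avoids that. The hunk opens inside interactive_gpg_from_remote and ends with the opening line of interactive_gpg, whose body is outside the hunk.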
@@ -354,7 +425,7 @@ function interactive_gpg { 2) interactive_gpg_from_usb return;; 3) interactive_gpg_from_remote - if [ ! "$?" = "0" ]; then + if [ ! "$?" = "0" ]; then GPG_CONFIGURED="no" fi;; esac diff --git a/src/freedombone-recoverkey b/src/freedombone-recoverkey index f90f6e0bc9521e21fb9f4d84879b875c1ccfe499..6d936a9ce649adcbd80270e4b8b4b0314b5ca7d1 100755 --- a/src/freedombone-recoverkey +++ b/src/freedombone-recoverkey @@ -117,7 +117,7 @@ if [ $FRIENDS_SERVERS_LIST ]; then fi fi done < $FRIENDS_SERVERS_LIST -fi +fi # was a directory created? if [ ! -d $FRAGMENTS_DIR ]; then @@ -154,13 +154,11 @@ su -c "gpg --allow-secret-key-import --import $KEYS_FILE" - $MY_USERNAME if [ ! "$?" = "0" ]; then echo 'Unable to import gpg key' shred -zu $KEYS_FILE - rm -rf /home/$MY_USERNAME/.tempgnupg exit 3682 fi shred -zu $KEYS_FILE chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.gnupg chmod -R 600 /home/$MY_USERNAME/.gnupg -rm -rf /home/$MY_USERNAME/.tempgnupg echo 'GPG key was recovered'